google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

AI PRP: Request Kubeflow Exposed UI #421

Open maoning opened 3 months ago

maoning commented 3 months ago

References:

More vulnerability research is needed to find out how RCE can be verified in Kubeflow.

Please read the rules of engagement first at https://github.com/google/tsunami-security-scanner-plugins/issues/409.

am0o0 commented 3 months ago

@maoning Hi, I read about this but I think it needs a lot more coding than a regular plugin. If you count this as a critical rating with top bounty, I'm ready to implement a plugin for this as fast as possible!

maoning commented 3 months ago

Hi @am0o0, since you already picked up another request, let's put this on hold for now unless you want to work on this first. If you could provide detailed vulnerability research, vulnerable service configurations and plugin implementation, then we will pay out the max bounty.

grandsilva commented 1 month ago

Hello @maoning, it looks like you're the one responsible for assigning the bug hunters.

I'm really excited to dive into this issue and create a plugin. Since it's my first time making one, could you please assign it to me? I'd appreciate it a lot!

grandsilva commented 1 month ago

Hi, it's been two weeks since my initial comment and there hasn't been a response. Should I create a new issue to address the matter, or is there another course of action you would recommend? I'm concerned that my previous comment might have been overlooked. @tooryx @maoning

grandsilva commented 3 weeks ago

I'm pinging @tooryx too; maybe I'll receive a response faster.

maoning commented 3 weeks ago

Hi @grandsilva,

You can start working on this request and please complete the following tasks:

grandsilva commented 2 weeks ago

@maoning Unfortunately, setting up a Kubeflow central dashboard without authentication or misconfigured authorization is beyond my current abilities. I need to learn more about Kubernetes and Kustomize first.

For now, there is a production-ready setup according to their manifest (https://github.com/kubeflow/manifests?tab=readme-ov-file#port-forward). This setup includes a default username and password, which administrators should change manually. However, they might forget to update these credentials after the launch. I can create a weak credential tester for it.

I’ve begun to dive deeper into Kubernetes and how to use Kustomize to create a vulnerable configuration. Please add this PRP to my queue. Also, I’d like to create a new AI PRP for a weak credential tester.

grandsilva commented 2 weeks ago

@tooryx @maoning Can I get an answer sooner? It's been a long time since the initial request already.

grandsilva commented 1 week ago

I opened an issue for better tracking: https://github.com/google/tsunami-security-scanner-plugins/issues/512